Create a new file UserController.java
UserController.java
@Controller("user")
@RequestMapping("/user")
public class UserController {
public void getUser(@RequestParam(name = "id")Integer id){
//call the service layer to fetch the user with this id and return it to the front end
}
}
UserService.java
public interface UserService {
//fetch the user object for the given user id
void getUserById(Integer id);
}
UserServiceImpl.java
@Service
public class UserServiceImpl implements UserService {
@Autowired
private UserDOMapper userDOMapper;
@Override
public void getUserById(Integer id) {
//call userDOMapper to fetch the user's data object
UserDO userDO = userDOMapper.selectByPrimaryKey(id);
}
}
Note
UserDO is the raw database row object and must not be passed to the front end; change the code.
Add a UserModel in the service layer: create the file UserModel.java
UserModel.java. A complete UserModel should also carry the password, so it is added here: UserModel gets an encrptPassword field, filled from UserPasswordDO via userPasswordDOMapper.
public class UserModel {
private Integer id;
private String name;
private Byte gender;
private Integer age;
private String telphone;
private String regisitMode;
private Integer thirdPartyId;
private String encrptPassword;
public void setId(Integer id) {
this.id = id;
}
public void setName(String name) {
this.name = name;
}
public void setGender(Byte gender) {
this.gender = gender;
}
public void setAge(Integer age) {
this.age = age;
}
public void setTelphone(String telphone) {
this.telphone = telphone;
}
public void setRegisitMode(String regisitMode) {
this.regisitMode = regisitMode;
}
public void setThirdPartyId(Integer thirdPartyId) {
this.thirdPartyId = thirdPartyId;
}
public void setEncrptPassword(String encrptPassword) {
this.encrptPassword = encrptPassword;
}
public Integer getId() {
return id;
}
public String getName() {
return name;
}
public Byte getGender() {
return gender;
}
public Integer getAge() {
return age;
}
public String getTelphone() {
return telphone;
}
public String getRegisitMode() {
return regisitMode;
}
public Integer getThirdPartyId() {
return thirdPartyId;
}
public String getEncrptPassword() {
return encrptPassword;
}
}
UserController.java
@Controller("user")
@RequestMapping("/user")
public class UserController {
@Autowired
private UserService userService;
@RequestMapping("/get")
@ResponseBody
public UserModel getUser(@RequestParam(name = "id") Integer id) {
//call the service layer to fetch the user with this id and return it to the front end
UserModel userModel = userService.getUserById(id);
return userModel;
}
}
Add to UserPasswordDOMapper.xml:
<select id="selectByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
select
<include refid="Base_Column_List" />
from user_password
where user_id = #{userId,jdbcType=INTEGER}
</select>
Add to UserPasswordDOMapper.java:
UserPasswordDO selectByUserId(Integer userId);
UserService.java
public interface UserService {
//fetch the user object for the given user id
UserModel getUserById(Integer id);
}
UserServiceImpl.java
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
public class UserServiceImpl implements UserService {
    @Autowired
    private UserDOMapper userDOMapper;
    @Autowired
    private UserPasswordDOMapper userPasswordDOMapper;

    @Override
    public UserModel getUserById(Integer id) {
        //call userDOMapper to fetch the user's data object
        UserDO userDO = userDOMapper.selectByPrimaryKey(id);
        if (userDO == null) {
            return null;
        }
        //fetch the user's stored (encrypted) password record by user id
        UserPasswordDO userPasswordDO = userPasswordDOMapper.selectByUserId(userDO.getId());
        return convertFromDataObject(userDO, userPasswordDO);
    }

    //merge the two data objects into the service-layer model
    private UserModel convertFromDataObject(UserDO userDO, UserPasswordDO userPasswordDO) {
        if (userDO == null) {
            return null;
        }
        UserModel userModel = new UserModel();
        //copies properties by matching name (id, name, gender, age, telphone, ...)
        BeanUtils.copyProperties(userDO, userModel);
        if (userPasswordDO != null) {
            userModel.setEncrptPassword(userPasswordDO.getEncrptPassword());
        }
        return userModel;
    }
}
Manually insert a test record into both tables in the database;
Enter in the browser:
http://localhost:8090/user/get?id=1
It runs successfully!
But this returns the UserModel straight to the front end, so the JSON response carries the encrptPassword field: anyone who can call /user/get can read the stored password value directly.
A view object needs to be added in the controller layer.
UserVO.java
public class UserVO {
private Integer id;
private String name;
private Byte gender;
private Integer age;
private String telphone;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public Byte getGender() {
return gender;
}
public void setGender(Byte gender) {
this.gender = gender;
}
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
public String getTelphone() {
return telphone;
}
public void setTelphone(String telphone) {
this.telphone = telphone;
}
}
UserController.java
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller("user")
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;

    @RequestMapping("/get")
    @ResponseBody
    public UserVO getUser(@RequestParam(name = "id") Integer id) {
        //call the service layer to fetch the user with this id
        UserModel userModel = userService.getUserById(id);
        //convert the core domain model into a view object that is safe to hand to the UI
        return convertFromModel(userModel);
    }

    //copyProperties matches by property name, so encrptPassword is dropped
    //simply because UserVO declares no such property
    private UserVO convertFromModel(UserModel userModel) {
        if (userModel == null) {
            return null;
        }
        UserVO userVO = new UserVO();
        BeanUtils.copyProperties(userModel, userVO);
        return userVO;
    }
}
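To make the leak concrete, here is an added example (not code from the original tutorial or the project) that serializes a UserModel and the UserVO the controller returns with Jackson, the serializer Spring MVC uses for @ResponseBody, and scans the resulting JSON for sensitive keys. The nested UserModel and UserVO are reduced stand-ins carrying only the fields needed here, the SENSITIVE name list and the findSensitiveFields helper are assumptions of this example (the kind of check you would put in a unit test), and the password value is a constructed sample, not a real hash. It needs jackson-databind and spring-beans on the classpath, both of which a Spring Boot web project already has.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.BeanUtils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class ResponseLeakCheck {

    // Reduced stand-in for the page's UserModel: only the fields needed here.
    public static class UserModel {
        private Integer id;
        private String name;
        private String encrptPassword;
        public Integer getId() { return id; }
        public void setId(Integer id) { this.id = id; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public String getEncrptPassword() { return encrptPassword; }
        public void setEncrptPassword(String p) { this.encrptPassword = p; }
    }

    // Reduced stand-in for the page's UserVO: deliberately declares no password property.
    public static class UserVO {
        private Integer id;
        private String name;
        public Integer getId() { return id; }
        public void setId(Integer id) { this.id = id; }
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    // Same conversion the controller does: copyProperties matches by property name,
    // so encrptPassword is dropped because UserVO has no setter for it.
    static UserVO convertFromModel(UserModel userModel) {
        UserVO userVO = new UserVO();
        BeanUtils.copyProperties(userModel, userVO);
        return userVO;
    }

    // Keys that must never appear in a response body (assumed list for this example).
    static final Set<String> SENSITIVE =
            new HashSet<>(Arrays.asList("encrptPassword", "password", "salt", "secret"));

    // Serialize the body the way @ResponseBody would and return the JSON paths of any
    // sensitive keys, walking nested objects and arrays so wrapped responses are covered too.
    static List<String> findSensitiveFields(Object body) {
        List<String> hits = new ArrayList<>();
        walk(new ObjectMapper().valueToTree(body), "$", hits);
        return hits;
    }

    private static void walk(JsonNode node, String path, List<String> hits) {
        if (node.isObject()) {
            for (Iterator<Map.Entry<String, JsonNode>> it = node.fields(); it.hasNext(); ) {
                Map.Entry<String, JsonNode> e = it.next();
                String child = path + "." + e.getKey();
                if (SENSITIVE.contains(e.getKey())) {
                    hits.add(child);
                }
                walk(e.getValue(), child, hits);
            }
        } else if (node.isArray()) {
            for (int i = 0; i < node.size(); i++) {
                walk(node.get(i), path + "[" + i + "]", hits);
            }
        }
    }

    public static void main(String[] args) {
        UserModel userModel = new UserModel();
        userModel.setId(1);
        userModel.setName("test");
        // constructed sample value, not a real hash
        userModel.setEncrptPassword("constructed-sample-value");

        System.out.println("UserModel -> " + findSensitiveFields(userModel));
        System.out.println("UserVO    -> " + findSensitiveFields(convertFromModel(userModel)));
    }
}
```

Run as written, the first call reports the path $.encrptPassword on the model while the second reports nothing for the VO, which is exactly the difference the controller change above makes. The walk over nested objects matters in practice: once the project wraps responses in a common return type, the password would sit one level deeper, and a check that only looks at top-level keys would miss it.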